Analysis
-
max time kernel
152s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30-12-2023 08:28
General
-
Target
13695e278df773031e475f54a3a88de2.exe
-
Size
174KB
-
MD5
13695e278df773031e475f54a3a88de2
-
SHA1
7a628c4e3ee90624475c3b986e542f3b07b62e21
-
SHA256
da43c912ee3553be9d5880b8845653a441407737f01e7fc029a0d4900289362d
-
SHA512
e291047c69fa4e7d51686e30f6b8a921faa7533ce97cd1257c57df64eb567785c6fa9b86cada7c392108340e299fd514a626c9d1fda4a519d506ffe96ae82ca6
-
SSDEEP
3072:EVUy6nFP8lutw01N6KVO4UMBfhRX82CU8nMNGXwQJv8iiG9XGXTawAXDXhG:EqyKkMBPpVluWN+Jv8iiG9GmE
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Program crash 10 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\13695e278df773031e475f54a3a88de2.exe"C:\Users\Admin\AppData\Local\Temp\13695e278df773031e475f54a3a88de2.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL2⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL4⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL5⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL6⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL7⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE7⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL8⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL9⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL10⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL11⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL12⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE12⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL13⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE13⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL14⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE14⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL15⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE15⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL16⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE16⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL17⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE17⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL18⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE18⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL19⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE19⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL20⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE20⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL21⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE21⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL22⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE22⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL23⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE23⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL24⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL25⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL26⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE26⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL27⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL28⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE28⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL29⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL30⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE30⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL31⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE31⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL32⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE32⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL33⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE33⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL34⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE34⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL35⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE35⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL36⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE36⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL37⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE37⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL38⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL39⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE39⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL40⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE40⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL41⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL42⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL43⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE43⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL44⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE44⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL45⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL46⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE46⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL47⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL48⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE48⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL49⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE49⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL50⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE50⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL51⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL52⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL53⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL54⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE54⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL55⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL56⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE56⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL57⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL58⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE58⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL59⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE59⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL60⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE60⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL61⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE61⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL62⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL63⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE63⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL64⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL65⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE65⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL66⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE66⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL67⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL68⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE68⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL69⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE69⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL70⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE70⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL71⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE71⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL72⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE72⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL73⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE73⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL74⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE74⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL75⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE75⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL76⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL77⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE77⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL78⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE78⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL79⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE79⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL80⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE80⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL81⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE81⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL82⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE82⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL83⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE83⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL84⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE84⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL85⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE85⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL86⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE86⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL87⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE87⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL88⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE88⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL89⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE89⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL90⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE90⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL91⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE91⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL92⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE92⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL93⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE93⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL94⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE94⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL95⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE95⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL96⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE96⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL97⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE97⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL98⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE98⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL99⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE99⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL100⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE100⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL101⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE101⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL102⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE102⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL103⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE103⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL104⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE104⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL105⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE105⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL106⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE106⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL107⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE107⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL108⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE108⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL109⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE109⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL110⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE110⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL111⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE111⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL112⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE112⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL113⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE113⤵
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL114⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE114⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL115⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE115⤵
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL116⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE116⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL117⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE117⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL118⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE118⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL119⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE119⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL120⤵
-
-
C:\Windows\SysWOW64\EXPL0RER.EXEC:\Windows\system32\EXPL0RER.EXE120⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32.exe /s C:\Windows\system32\SysModule64.DLL121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-